AWS expansion in Europe likely under data localization pressure

An AWS Germany region is expected as part of the cloud behemoths expansion in Europe, along with stronger partnerships between local service providers -- but IT pros say data localization is only one piece of the puzzle.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

the continent -- one local data center at a time.

While some industry watchers think concerns about the U.S. National Security Agency (NSA) will fade in most of Europe, Germany is an exception. Its laws against personally identifiable information leaving the country are strongest among European Union (EU) countries and its reaction to the Snowden revelations about the NSA's PRISM surveillance program have been among the strongest.

With data localization pressures mounting, one cloud consultant with international clients said Amazon Web Services (AWS) may need to build a data center in Germany to win business there.

"The Germans are pretty specific about [personally identifiable information] for their citizens not leaving Germany," said Kris Bliesner, CEO of 2nd Watch, a cloud computing consultancy and systems integrator in Seattle.

Keeping data in Germany will not keep the NSA's legion of cyber-warriors out.
Christopher Soghoianprincipal technologist for the ACLU

AWS plans to open a data center in Frankfurt, Germany, according to published reports. AWS would not provide comment on record about their data center plans.

In addition to opening a new data center, Amazon might deepen its partnerships with developing local cloud service providers in Germany and other EU countries. There's precedent for this in AWS' relationship with Datapipe Inc. in China, for example.

These local cloud service providers are here to stay, having sprung up even after AWS made its presence felt in Europe with its first data center in Dublin, Ireland, said Rory Duncan, research director for European services for the 451 Research, based in New York.

Duncan expects AWS to partner with smaller companies to offer Direct Connect access to AWS data centers so that storage can remain local, in a hybrid configuration.

"Going forward I expect there to be some kind of co-existence between Amazon and regional firms," Duncan said.

AWS encryption is key, local data center or not

No matter where AWS' data centers are located, IT pros must do what they can to secure data in the cloud.

"We make sure that we partition, isolate and classify our data … and then we put the right level of controls around that, irrespective of Amazon's coverage of that data," said Jim O'Neill, CIO for Hubspot Inc., a marketing software as a service company based in Cambridge, Massachusetts.

This reflects other public statements by AWS CTO Werner Vogels last month, which also emphasized the need for strong encryption regardless of where data is stored, as well as the testimony of Christopher Soghoian, principal technologist for the American Civil Liberties Union (ACLU), before German Parliament on June 26.

"Keeping data in Germany will not keep the NSA's legion of cyber-warriors out," Soghoian said. "Rather than focusing on where the data is kept, you should be focusing your attention on the need to encrypt data."

Still, AWS controls the keys to encryption for services such as the Elastic Block Store, not users, with the recent and notable exception of the Simple Storage Service. And while AWS participates in safe harbor programs and commits to keeping data out of selected AWS Regions as part of its Customer Agreement, the company can be elusive. Especially on contracts that guarantee data won't leave a certain country within a certain region, or exactly how data is backed up for disaster recovery within regions.

"They aren't very forthcoming about what they're doing, what [data] is backed up and what's not backed up and where," Bliesner said. "I would just like them to be more crystal clear with customers around what's actually going to happen with their data."

1 comment

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy